package com.cskaoyan.config;

import com.cskaoyan.realm.CustomRealm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

/**
 * @program: project-market
 * @description: 权限验证
 * @author: Weiwei Liu
 * @create: 2021-12-01 15:08
 **/
@Configuration
public class ShiroConfig {

    /**
     * 权限Filter生成工厂Bean
     *
     * @param defaultWebSecurityManager
     * @return
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);

        // 认证失败后重定向的URL
//        shiroFilterFactoryBean.setLoginUrl("/unauthc");
        // 最重要的事情，对哪些请求过滤
        // 配置Filter
        // key是需要过滤的url，value为内置的过滤器
        LinkedHashMap<String, String> filterMap = new LinkedHashMap<>();
        // login，失败则重新登录，login请求需要匿名，其他请求需要过滤

        // put顺序代表/auth/login可以匿名，其他请求需要权限，不能颠倒顺序，颠倒后被覆盖
        // 使用LinkedHashMap也是为了保证有序性

        // 后台
        filterMap.put("/admin/auth/login", "anon"); //匿名访问
//        filterMap.put("/admin/auth/info", "anon"); //匿名访问
        filterMap.put("/admin/auth/logout", "anon"); //匿名访问
        filterMap.put("hello", "anon");  // 测试接口
        // 小程序
        filterMap.put("/wx/auth/login", "anon");
        filterMap.put("/wx/auth/logout", "anon");

        filterMap.put("/wx/**/**", "anon");


//        filterMap.put("/wx/home/**","anon");
//        filterMap.put("/wx/goods/**", "anon");
//        filterMap.put("/wx/brand/**", "anon");
//        filterMap.put("/wx/catalog/**", "anon");
//        filterMap.put("/wx/search/**", "anon");
//        filterMap.put("/wx/topic/**", "anon");
//        filterMap.put("/wx/comment/**", "anon");
//        filterMap.put("/wx/coupon/list", "anon");
//        filterMap.put("/wx/storage/**", "anon");
//        filterMap.put("/wx/collect/**", "anon");
//        filterMap.put("/wx/auth/register", "anon");
        filterMap.put("/index", "anon");
        filterMap.put("/unauthc", "anon");

        filterMap.put("/admin/**", "authc"); //授权访问


        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterMap);
        return shiroFilterFactoryBean;
    }

    /**
     * shiro的核心组件 SecurityManager
     * 负责管理shiro的所有组件
     */
    @Bean
    public DefaultWebSecurityManager securityManager(CustomRealm customRealm, DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();

        defaultWebSecurityManager.setSessionManager(sessionManager);
        defaultWebSecurityManager.setRealm(customRealm);

        return defaultWebSecurityManager;
    }

    /**
     * 负责session的认证管理
     *
     * @param defaultWebSecurityManager
     * @return
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor advisor(DefaultWebSecurityManager defaultWebSecurityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager);
        return authorizationAttributeSourceAdvisor;
    }

}
